Google Chrome Update Fixes 2013's 1st Critical Flaw

Below:

Next story in Tech and gadgets

The new update for Google's Chrome browser doesn't offer any new
features, but it will keep you safe from a number of potential
hacks and hijacks. Google has fixed 12 security flaws, including
its first critical flaw since December 2012.

Since Google is still distributing the update to all Chrome
users, it has restricted access to its explanations of each flaw.
Otherwise, would-be hackers could simply read how to exploit each
vulnerability and catch Chrome users before the fixes go into
effect.

Google awarded $500 to user "daniel.zulla," who discovered this
update's only medium-risk vulnerability. This flaw allowed
malefactors to take advantage of memory corruption in Chrome's
developer tools.

Of more interest are the high-risk vulnerabilities, for which the
rewards ranged from nothing (Google employees do not receive
bonuses for fixing security flaws) up to $1,500. Most of these
fixes involved "use-after-free" memory, which could provide a
fertile space for malware.

User Collin Payne discovered a particularly interesting high-risk
vulnerability as well, involving use-after-free memory in
database interfaces. Although Google has not yet revealed the
exact details of the potential exploit, it liked Payne's work
enough to award him $1,337 — an amount that corresponds to
Internet-speak for "elite." [See also:
5 Looming Threats That Keep Security Experts Up at Night ]

The star of the show, however, was the one critical flaw,
discovered by in-house Chrome security personnel. Google
describes it as "memory corruption in SSL socket handling." This
basically means that when using functions that require
secure socket layer (SSL) protocols, such as email or social
network logins, a hacker could take advantage of corrupted data
to run malicious code on a user's machine.

Google will automatically update all Chrome browsers over the
next few days, but if you want the update right away, just click
on the options toolbar and "About Google Chrome." The program
will automatically detect the latest version and update to it.

This update represents the discovery of Chrome's first critical
security flaw of 2013. With any luck, it will be the last as
well.